CVE-2009-1299: Medium severity Pulseaudio Pulseaudio vulnerability
Published Mar 18, 2010
·Updated
The pamakesecuredir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.
Affected Software
2 affected components
Pulseaudio Pulseaudio=0.9.10
Pulseaudio Pulseaudio=0.9.19
Event History
Mar 18, 2010
CVE Published
via MITRE·05:12 PM
Data Sourced
via MITRE·05:12 PM
Description
Data Sourced
via NVD·05:30 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2009-1299?
CVE-2009-1299 is categorized as a high severity vulnerability due to its potential for privilege escalation through a symlink attack.
2
How do I fix CVE-2009-1299?
To fix CVE-2009-1299, update PulseAudio to version 0.9.20 or later, which includes the necessary security patches.
3
What are the affected versions of PulseAudio in CVE-2009-1299?
The affected versions of PulseAudio in CVE-2009-1299 are 0.9.10 and 0.9.19.
4
Can CVE-2009-1299 be exploited remotely?
No, CVE-2009-1299 can only be exploited locally by an authenticated user.
5
What does the CVE-2009-1299 vulnerability allow an attacker to do?
CVE-2009-1299 allows an attacker to change ownership and permissions of arbitrary files using a symlink attack.